Debian Linux Security Advisory 4797-2 - The update for webkit2gtk released as 4797-1 introduced a regression with the WebSockets functionality. Updated webkit2gtk packages are now available to correct this issue.
7a1517d65ba8e2f827f2bb170c1e010d905412ee47957cd11a5342fca52825b9Debian Linux Security Advisory 4801-1 - A buffer overflow was discovered in Brotli, a generic-purpose lossless compression suite.
39c1a3c64fd38b6e1ef3c69ae1ac35abd72be122510a7de941c653244fb91774Debian Linux Security Advisory 4802-1 - Chiaki Ishikawa discovered a stack overflow in SMTP server status handling which could potentially result in the execution of arbitrary code.
8d5444b9b43c99430450d6298b4adc1770bb19a59fcce6879c1c7a73f432c355Debian Linux Security Advisory 4803-1 - Jan-Niklas Sohn discovered that the XKB extension of the Xorg X server performed incomplete input validation, which could result in privilege escalation.
f12b898e41b5d7e17f6c9d3352bf8cd7c5100bfd343609a4c34321e42e818563Debian Linux Security Advisory 4804-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, privilege escalation or information leaks.
b2ab6cee53da1d96769ca16adfe9dfbf808ed31611a93a2497b295ea9aaa2731Debian Linux Security Advisory 4805-1 - Two vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server.
33cb8cac8efefd8630541aa85e3167e1088094ad4d96382eca60976d082286c7Debian Linux Security Advisory 4806-1 - It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability.
b7b80b0f3734909dfe21dcae6fd31eabfe56df3eb643835d5ebe4c724d7a784fDebian Linux Security Advisory 4807-1 - David Benjamin discovered a flaw in the GENERAL_NAME_cmp() function which could cause a NULL dereference, resulting in denial of service.
301c7963e0154712e1745c9d2397ec887def5b0060c1cc740ed144f687109534Debian Linux Security Advisory 4808-1 - It was discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could cause out-of-bounds reads or infinite loops, resulting in denial of service when processing malformed deb files.
72b22af4983e423e88a9104f100d1306c4503588d7516f149b0a6cbd98324d31Debian Linux Security Advisory 4809-1 - Various memory and file descriptor leaks were discovered in the Python interface to the APT package management runtime library, which could result in denial of service.
6ddfd77c1455dd7dc47020d1fd9baf4fd93dfee14ce80069ebe7bb8ba2f5dd1bDebian Linux Security Advisory 4809-2 - The update for python-apt released as DSA 4809-1 introduced a regression when passing a file descriptor to apt_inst.ArFile or apt_inst.DebFile causing a segmentation fault. Updated python-apt packages are now available to correct this issue.
5707a06f3825acb81d8ebbee8680d250b2274d281c25fa856c5a681bea7cd152Debian Linux Security Advisory 4810-1 - Yaniv Nizry discovered that the clean module of lxml, Python bindings for libxml2 and libxslt could be bypassed.
9f5243a3261ccdcaa166ebeebb4f930ac0ca824f46f3d25ea35e733245afc09cDebian Linux Security Advisory 4810-2 - The update for lxml released as 4810-1 introduced a regression when running under Python 2. Updated lxml packages are now available to correct this issue.
49c7b12d755a7995c6c7d6c6d871dfa35c4c97d839ec9df478b41aba3eb8e475Debian Linux Security Advisory 4811-1 - It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream.
acffd9ece540f4f9dd8e304dae118a6e0bebb805b838cb208f08a33a7fc074a7Debian Linux Security Advisory 4812-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.
37919a1fdf97980cfdebe6aa11ee31f4bf0b9ebf838344befc1d3a7c22df1c49Debian Linux Security Advisory 4813-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass.
7c049e9f2c3d5a2f9bfcba92b367e1a93fb8ae2453346e9edbe11ef5a1674714Debian Linux Security Advisory 4814-1 - It was discovered that xerces-c, a validating XML parser library for C++, did not correctly scan DTDs. The use-after-free vulnerability resulting from this issue would allow a remote attacker to leverage a specially crafted XML file in order to crash the application or potentially execute arbitrary code. Please note that the patch fixing this issue comes at the expense of a newly introduced memory leak.
376080e2c1815c8640dadc1f13237e9f7f7e739ff15c62dbbc28fc3572c445b3Debian Linux Security Advisory 4815-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or information leak.
2f3172812c238f2f1fb029f212200ab8a63472748c4d507b24ac570b668ebaf9Debian Linux Security Advisory 4816-1 - Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users.
0ae12b07a03ac1cfb062cc46e5e0bd51e3833af59d079937f3c7ebc383862f99Debian Linux Security Advisory 4817-1 - Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files.
55d35347b0095ee7302f943e512c864a3ce5dbf064f74322a52bab2f3e2a85ebDebian Linux Security Advisory 4818-1 - Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API.
b5e2af845768d3755cb9be263eef29650e1f5a4b75aef651239c12da54242c22Debian Linux Security Advisory 4819-1 - Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat.
f6317a49d2923fe8f53b7672c8fb7c1f2edf2679a5c2d33218c92950955b63e6Debian Linux Security Advisory 4820-1 - Pritam Singh discovered an open redirect in the workflow forms of OpenStack Horizon.
aa4dcfbb55beed6cfd5dd0c5473f61da086f94bac322f0b535a9d8136898b814Debian Linux Security Advisory 4821-1 - Alex Birnberg discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling HTML or Plain text messages with malicious content.
767561724a53319077d3cdf5d57e9f5904fcd9eb4ae9dc5d7a3475c8e8af11f2Gentoo Linux Security Advisory 202012-24 - Multiple vulnerabilities have been found in Samba, the worst of which could result in a Denial of Service condition. Versions less than 4.12.9 are affected.
09eede95a802e9406ba2349f3ea9a0665ce582d50fcd93512059a1e324ed54bc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed